Custom SSO for the Enterprise REST API

I am working with a client now on an enterprise installation of Activiti 1.2 (with potential to upgrade to 1.3 if needed). I have scoured the docs, forums and internet and cannot find a way to enable SSO on the Enterprise REST API.

We are looking to accomplish something similar to what SiteMinder does - sends an HTTP header with the username. This is then trusted within Activiti as authentication has already occurred.

Alfresco supports this via external SSO. The Activiti open source REST API also appears to support this. However, I cannot figure out how to enable this feature within the Enterprise REST API.

I was hoping for an override extension point where we deploy our jar with a "AuthenticationManager" and that becomes @Autowired in.